
From Penetrate and Patch to Building Security In Michael Hicks - PowerPoint PPT Presentation



  1. From Penetrate and Patch to Building Security In Michael Hicks Professor of Computer Science and the UofM Institute for Advanced Computer Studies (UMIACS) Distinguished Scholar-Teacher talk September 28, 2015

  2. Security breaches Just a few: • TJX (2007) - 94 million records* • Adobe (2013) - 150 million records, 38 million users • eBay (2014) - 145 million records • Anthem (2014) - Records of 80 million customers • Target (2013) - 110 million records • Heartland (2008) - 160 million records *containing SSNs, credit card nums, other private info https://www.oneid.com/7-biggest-security-breaches-of-the-past-decade-2/

  3. Defects and Vulnerabilities • Many (if not all of) these breaches begin by exploiting a vulnerability • This is a security-relevant software defect (bug) or design flaw that can be exploited to effect an undesired behavior • The use of software is growing (figure labels: 50M LOC, 2B LOC) • So: more bugs and flaws • Especially in places that are new to using software

  4. Stuxnet specifically targets … processes such as those used to control … centrifuges for separating nuclear material. Exploiting four zero-day flaws, Stuxnet functions by targeting machines using the Microsoft Windows operating system …, then seeking out Siemens Step7 software. http://www.nytimes.com/2010/09/26/world/middleeast/26iran.html

  5. The result of their work was a hacking technique—what the security industry calls a zero-day exploit—that can target Jeep Cherokees and give the attacker wireless control, via the Internet, to any of thousands of vehicles. http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/

  6. Considering Correctness • All software is buggy, isn’t it? Why not a problem from way back? • A normal user never sees most bugs, or figures out how to work around them • Therefore, companies fix the most likely bugs, to save money

  7. Considering Security Key difference: An attacker is not a normal user! • The attacker will actively attempt to find defects, using unusual interactions and features • A typical interaction with a bug results in a crash • An attacker will work to exploit the bug to do much worse, to achieve his goals

  8. Cyber-defense?

  9. Cyber-defense? Popular technologies such as firewalls, anti-virus, and intrusion detection/prevention attempt to detect the attacks themselves. But new attacks can be produced that avoid detection but exploit the same vulnerabilities

  10. Penetrate and Patch 1. Find a vulnerability 2. Develop patch 3. Deploy patch (and detection signature) But: Still vulnerable to undiscovered bugs … and new bugs introduced by software upgrades

  11. and bugs in security products themselves! Security researcher Tavis Ormandy disclosed the existence of a vulnerability which impacts on Kaspersky [security] products. Hermansen, [another researcher,] publicly disclosed a zero-day vulnerability within cyberforensics firm FireEye's security product, complete with proof-of-concept code. http://www.zdnet.com/article/fireeye-kaspersky-hit-with-zero-day-flaw-claims/

  12. Building Security In The long-term solution is to prevent all exploitable bugs before deploying. Avoid the holes to start with!

  13. Analogy • How do you build a bridge that stands up despite harsh conditions? • Heavy use • Earthquakes • Extreme weather • Etc.

  14. Analogy • Study the problem. Develop the best • Methods • Materials • Tools • Then use them from Day 1!

  15. Analogy • Study the problem. Develop the best • Methods • Materials • Tools • Then use them from Day 1!

  16. Do not • Use methods that fail to incorporate larger lessons (i.e., from past bridges built and past failures) • Use cheap materials that are unresilient • Use unreliable tools that produce inconsistent results • Assume that you can do these things and everything will be OK (you can just patch problems later)

  17. Unless you want your bridge to fail

  18. Building Security In • What about software?

  19. Building Security In • What about software? Same idea: Security from Day 1 • Consider it in your design • Use the best tools and methods • Best programming languages • Best program development environment • Best testing and verification methods

  20. Building Security In Why not done already? • Ignorance • Unproven/insufficient technology • Concerns about cost • to change legacy programs • to (re)train staff in new process, technology, etc.

  21. Some of my work • Eliminating vulnerabilities at the outset with better languages and testing tools • Highlight: Cyclone: A safer “low level” programming language • Focusing attention on building, not breaking • Coursera on-line course on software security • Build-it, Break-it, Fix-it programming contest

  22. From bugs to exploits

  23. Software • Software consists of instructions that tell a computer what to do • A program is a set of instructions to achieve a particular task • Instructions are kept within the computer’s memory when executed by the processor • Diagram labels: Processor (CPU); Memory (RAM), holding Data and Instructions

  24. Computing R = X^Y • Goal: multiply X by itself a total of Y times • Program: R will contain the final result • Use a counter C to keep track of the number of multiplications • Like counting on your fingers!

  25. Computing R = X^Y • Instructions: Set R to 1; Set C to Y; Is C ≤ 0? If so, skip to the end; Set R to X · R; Set C to C - 1; If C > 0 repeat the above two instructions • Data: X = 3, Y = 2, C = (empty), R = (empty)

  26. Computing R = X^Y • Instructions: Set R to 1; Set C to Y; Is C ≤ 0? If so, skip to the end; Set R to X · R; Set C to C - 1; If C > 0 repeat the above two instructions • Data: X = 3, Y = 2, C = 2, R = 1

  27. Computing R = X^Y • Instructions: Set R to 1; Set C to Y; Is C ≤ 0? If so, skip to the end; Set R to X · R; Set C to C - 1; If C > 0 repeat the above two instructions • Data: X = 3, Y = 2, C = 1 (previously 2), R = 3 (previously 1)

  28. Computing R = X^Y • Instructions: Set R to 1; Set C to Y; Is C ≤ 0? If so, skip to the end; Set R to X · R; Set C to C - 1; If C > 0 repeat the above two instructions • Data: X = 3, Y = 2, C = 0 (previously 1, 2), R = 9 (previously 3, 1) • Done

  29. Computing R = X^Y as machine instructions

      ```asm
      exp:
          movl  $1, %eax       # Set R to 1
          testl %esi, %esi     # Set C to Y (Y is already in %esi); is C ≤ 0?
          jle   .L3            # If so, skip to the end
      .L6:
          imull %edi, %eax     # Set R to X · R
          subl  $1, %esi       # Set C to C - 1
          jne   .L6            # If C > 0 repeat the above two instructions
      .L3:
          ret                  # return R in %eax
      ```

      %edi = contains base value X • %esi = contains exponent Y and counter C • %eax = contains result R

  30. Programming Languages • Many machine instructions for simple programs - hard for humans to understand and maintain! • Programming languages designed to help • Higher level - Closer to human language • First ones (e.g., FORTRAN) in the 1950’s • Programs are translated (aka compiled ) into machine instructions to be executed by the processor • Many languages developed in the last 60 years! • Different languages have different strengths

  31. Programming Languages

  32. Programming Languages

  33. Programming Languages

  34. What is popular today? http://spectrum.ieee.org/static/interactive-the-top-programming-languages

  35. Our program in the C language

      ```c
      int exp(int x, int y) {
        int r = 1;
        while (y > 0) {
          r = r * x;
          y = y - 1;
        }
        return r;
      }
      ```

      In Java it would look much the same, but that’s not true in general

  36. Our program in the Python language

      ```python
      def exp(x, y):
          r = 1
          while y > 0:
              r = r * x
              y = y - 1
          return r
      ```

  37. Our program in the OCaml language

      ```ocaml
      let rec exp x y =
        if y = 0 then 1
        else x * exp x (y-1)
      ```

  38. Our program in the Prolog language

      ```prolog
      exp(X,0,1) :- !.
      exp(X,Y,R) :- Y1 is Y-1, exp(X,Y1,R1), R is X * R1.
      ```

  39. Software flaws and defects • Programmers make mistakes • So software often has defects (aka bugs)

      ```c
      int exp(int x, int y) {
        int r = 1;
        while (y >= 0) {   /* should be "greater than", not "greater than or equal to" */
          r = r * x;
          y = y - 1;
        }
        return r;
      }
      ```

  40. Exploitable bugs • Some bugs can be exploited • An attacker can control how the program runs so that any incorrect behavior serves the attacker • Many kinds of exploits have been developed over time, with technical names like • Buffer overflow • Use after free • SQL injection • Command injection • Cross-site scripting • Cross-site request forgery • …

  41. What is a buffer overflow? • A buffer overflow is a dangerous bug that affects programs written in C and C++ • Normally, a program with this bug will simply crash • But an attacker can alter the situations that cause the program to do much worse • Steal private information • Corrupt valuable information • Run code of the attacker’s choice

  42. Buffer overflows from 10,000 ft • Buffer = • Block of memory associated with a variable • Overflow = • Put more into the buffer than it can hold • Where does the overflowing data go?

  43. Normal interaction • Screen: Password? abc123 / Failed • Instructions: 1. print “Password?” to the screen 2. read input into variable X 3. if X matches the password then log in 4. else print “Failed” to the screen • Data: X = abc123
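
Slides 42 and 43 as an added C example (not code from the talk): the password program is modelled over one flat block of memory so that "where does the overflowing data go?" has a visible answer, and the same read is shown with a length check. The 8-byte size of X, the adjacent one-byte "logged in" flag, the password `s3cret` and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model, not real stack layout: one flat 16-byte block in which
 * the 8-byte buffer X is followed directly by a one-byte "logged in" flag. */
#define X_SIZE   8
#define MEM_SIZE 16
#define FLAG_OFF X_SIZE

static const char PASSWORD[] = "s3cret";    /* constructed sample value */

/* Steps 2-4 of the slide. With check_bounds == 0 the read copies the whole
 * input into X; the copy is capped at MEM_SIZE only so that the model itself
 * never writes outside its own array. */
static int login(const char *input, int check_bounds)
{
    unsigned char mem[MEM_SIZE] = {0};
    size_t n = strlen(input) + 1;            /* bytes to store, with NUL */

    if (check_bounds && n > X_SIZE)
        return 0;                            /* input does not fit in X */
    if (n > MEM_SIZE)
        n = MEM_SIZE;
    memcpy(mem, input, n);                   /* step 2: read input into X */

    if (memcmp(mem, PASSWORD, sizeof PASSWORD) == 0)
        mem[FLAG_OFF] = 1;                   /* step 3: password matches */
    return mem[FLAG_OFF] != 0;               /* 1 = logged in, 0 = Failed */
}

static int login_unchecked(const char *input) { return login(input, 0); }
static int login_checked(const char *input)   { return login(input, 1); }

int main(void)
{
    /* Constructed inputs: wrong password, right password, 9 bytes for X. */
    const char *inputs[] = { "abc123", "s3cret", "AAAAAAAAA" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++)
        printf("%-10s unchecked=%d checked=%d\n", inputs[i],
               login_unchecked(inputs[i]), login_checked(inputs[i]));
    return 0;
}
```

The nine-character input never matches the password, yet the unchecked version reports a login because the ninth byte landed on the flag next to X; the checked version rejects it before anything is copied.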
